Oculus updates privacy controls to comply with GDPR rules

Sponsored Links

Devindra Hardawar/Engadget

By and large, Facebook has chosen to weasel out of its earlier claims to extend GDPR privacy protections worldwide, even though it really could. Meanwhile, other parts of the company are grappling with the EU's rules, which go into effect on May 25th. One of those is Oculus, which announced changes to its privacy controls, terms of service and a new code of conduct to safeguard users in VR environments -- which will apply to users globally.

In regards to the current privacy fears circling around Facebook, Oculus made a blog post to accompany the changes addressing obvious questions. The company assured that it doesn't feed Facebook user data that would be used by third parties to target advertisements based on an individual's behavior on the Oculus platform. The information shared with the social media giant is "limited" -- for example, if someone is flagged on one service, that will transfer over to the other. But users could be sharing even more info if they link accounts on both platforms.

The 'My Privacy Center' feature will go live on May 20th and give users a look at the data Oculus has collected on them. They won't be able to see any information that's been anonymized, including the movements made while in VR, which previously got the company in hot water with then-Senator Al Franken. The privacy center also won't show data stored locally on an Oculus device, like height, or sensitive stuff like credit card info.

The code of conduct, which will soon be moved to the Terms of Service to increase its visibility, already prohibits users from using or hawking sexually explicit content. Like Facebook's code, it also bans content that is "hateful or racially offensive" or that "attacks people based on race, ethnicity, nationality, religious affiliation, sexual orientation, sex, gender, gender identity, diseases or disability." Users also cannot harass others or encourage illegal activity or real-world violence.

If a user deletes their account, they should expect it to be gone within 90 days. That won't wipe every trace from the company's servers, as Oculus will still hold on to pieces like certain purchase information, which is retained for tax and financial purposes.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.